Kenya debate: Government systems lead to online fraud

Kenya is one of the few African countries pushing the adoption of the internet in government matters. This has been seen with the launch of online tax filing known as iTax and a government procurement platform known as Integrated Financial Information Management System (IFMIS).

The IFMIS system is expected to be used by all government bodies when procuring goods and services. During the 2015/2016 budget released in mid-June, the government stated that it aims to digitise all its payments. Yet such bold moves do not come without problems.

Right after the government announced these plans, IFMIS was dragged into a massive procurement brawl, with critics saying the e-procurement platform was not safe enough.

The initial focus was on the National Youth Service (NYS), where a series of transactions that could have defrauded the NYS of over Kshs 800 million (US$80 million) were flagged in the system. Yet according to ministry officials, the fraud did not happen.

During the debate, many legislators castigated the system, saying that it was weak and could be manipulated. But the Cabinet Secretary for Devolution and Planning (of which NYS is part), Anne Waiguru, defended the system, saying that it worked as it was supposed to by flagging fraudulent activities.

Many experts have come out to defend the system. Ismael Kulubi, who writes about governance issues in Kenyan dailies, said that the system can be trusted.

In an article published in the Standard, Kulubi said: “In the old days of manual procurement, billions of shillings were lost and hitherto, we do not even have an inkling as to how much Kenya lost or whose pockets the money disappeared to. IFMIS has heralded an era where shredding and burning of files to hide evidence or briefcase companies being paid billions and not delivering will not fly anymore.”

Even though the system had prevented fraud, human interference cannot be ruled out. In an investigative piece by the Nation Newspaper, it was revealed that there was an attempted manual change to some details in the procurement system. A deputy director of the NYS claimed that his password for the system was stolen and that fraudulent entries for payment were made in his account.

Commenting on best practices in IT systems, Bethwel Opil, who is the Channel Sales Partner for Kaspersky in East Africa, said that human interference should be curtailed.

“In general it is important for any organisation to carefully arrange and manage IT systems, and always consider the human element in IT security and the potential risks this can pose, such as data leakage, fraud, malware infection due to becoming a victim of cybercriminals who use social engineering a lot,” Opil told IDG Connect.

He added that for critical and important infrastructures, such as medical, financial, and electricity-providing organisations, regular professional vulnerability assessments and penetration testing are required.

“And of course there should be security policies and employee education in place, along with effective specialised security solutions with technologies like whitelisting and default deny mode and others,” he stated.

Having a professional digital audit from time to time could also curb some anomalies, saving the government millions of dollars.

Soon after the IFMIS fiasco unravelled, the government was again in defensive mode as it had to warn the public of a fraudulent copycat website that was luring unsuspecting users.

Uwezo Fund, a government initiative that supports women and youths in starting their own businesses by providing loans, had a copycat site: Uwezofund.org (currently unavailable). The Kenyan website is Uwezo.go.ke, which has the official government domain extension.

The government said that the fake site required applicants to send Kshs 375 (US$3.75) bank ledger fees before they are sent application information. Even though this is not a big amount, if 10,000 people are lured into sending the money, the fraudsters would make a killing.

Such breaches cost the government in reputation and also cheat the public of their hard-earned cash.

During a past African Domain Name forum held in Nairobi, Kenya, Internet Society official Dawit Bekele, the regional Bureau Director for Africa, said, “One challenge with the internet is that not everyone who uses it understands it. It is like drivers who do not know the rules [of the road], can be dangerous.”

“It is important that we educate our society. I have to say we are not very good [at that] in Africa. Technology comes, sometimes we adopt it without really knowing exactly what comes with it.”

He encouraged all African governments to be at the forefront of making the internet space safe for economic growth.